2012/12/6 Martijn Grooten <martijn(_dot_)grooten(_at_)virusbtn(_dot_)com>:
> You could also use aimport dot no (as some spammer sending a fake Twitter
> email did an hour ago). That domain doesn't have an SPF record either.

Simple users are more confident if the sender seems real!

> As we're talking about the MAIL FROM in the SMTP envelope, which usually
> isn't shown to the user, I don't think this is a big problem.

Faking the From: header is as simple as faking the MAIL FROM envelope!

> Perhaps your MTA or spam-filter does use the MAIL FROM in its decision
> whether to deliver the email or not. If it decides to deliver the message
> because it claims to come from Twitter, uses a subdomain of twitter.com and
> didn't fail SPF then that's very wrong. But I don't think it's SPF's fault.

I didn't say it is SPF's fault. It's our fault.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
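
An added example, not part of the thread: a filter-side check that treats "didn't fail SPF" as no evidence at all, and, going one step beyond the discussion, credits an SPF pass only when the envelope domain lines up with the visible From: domain. The domains, the `sample` helper and the simplified alignment rule are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr


def spf_evidence(msg):
    """Read the SPF result and MAIL FROM domain from Authentication-Results.

    Assumption: the header was written by our own receiving MTA, so it can be trusted.
    """
    header = msg.get("Authentication-Results", "")
    result = re.search(r"\bspf=(\w+)", header)
    mailfrom = re.search(r"\bsmtp\.mailfrom=(\S+)", header)
    domain = mailfrom.group(1).rstrip(";").rpartition("@")[2].lower() if mailfrom else ""
    return (result.group(1).lower() if result else "none", domain)


def sender_trust(raw):
    """Classify how much the SPF outcome says about the sender shown to the user."""
    msg = message_from_string(raw)
    result, env_domain = spf_evidence(msg)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if result in ("fail", "softfail"):
        return "negative"
    if result != "pass":
        # none / neutral / errors: the domain published nothing usable, so the
        # absence of a failure must not count in the message's favour.
        return "no-evidence"
    # Simplified alignment (assumption): the envelope domain equals the From:
    # domain or is a subdomain of it. SPF by itself never checks the From: header.
    aligned = env_domain == from_domain or env_domain.endswith("." + from_domain)
    return "authenticated" if aligned else "no-evidence"


def sample(spf, mailfrom, from_addr):
    """Build a constructed test message (not real traffic)."""
    return (f"Authentication-Results: mx.example.net; spf={spf} smtp.mailfrom={mailfrom}\n"
            f"From: {from_addr}\nSubject: constructed test message\n\nbody\n")


if __name__ == "__main__":
    cases = [
        ("none", "bounce@news.brand.example", "Brand <notify@brand.example>"),
        ("pass", "bounce@brand.example", "Brand <notify@brand.example>"),
        ("pass", "bounce@bulk.example", "Brand <notify@brand.example>"),
        ("fail", "bounce@brand.example", "Brand <notify@brand.example>"),
    ]
    for spf, mailfrom, from_addr in cases:
        print(spf, mailfrom, "->", sender_trust(sample(spf, mailfrom, from_addr)))
```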